[Gllug] broadband DNS etc
Nix
nix at esperi.org.uk
Mon Nov 17 22:37:19 UTC 2003
On Mon, 17 Nov 2003, t. clarke stated:
> Unless I am mistaken, the router must have an IP address (either an internal
> one or otherwise) to which you assign the default route, otherwise the PC
> cannot determine the ethernet MAC address of the router to send IP packets to
> (bad grammar, I know!).
Not necessarily the case.
You need

 - a way to get to the router's administrative interface
   (if any; many routers have web-based and/or ftp-based admin)
 - a way to get packets out of the router

Linux does not require that routes be directed at specific hosts for
non-POINTOPOINT links; only the default route must be directed at a
specific host --- and that host can be one of your own interfaces,
whereupon the packet gets lobbed out and left for routers on the network
beyond that interface to deal with. Where the packets actually go is a
layer 2 thing; IP packet destinations are irrelevant to it. If you're
using PPP half bridging or something like that (full bridging is
unlikely unless you really like playing with PPPoA) the router will ARP
for every address on the Internet, so every packet the firewall sends
out will get sent to the router and sent on to the net at large (well,
to the immediate upstream gateway on BT's net, at least).
Ignoring the routes for the administrative interface, my ADSL-bound
addresses and routes read

    5: adsl: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1458 qdisc cbq qlen 10
        link/ether 00:60:97:79:e2:c1 brd ff:ff:ff:ff:ff:ff
        inet 194.247.41.52/24 brd 255.255.255.255 scope global adsl

    194.247.41.0/24 dev adsl  proto kernel  scope link  src 194.247.41.52
    default via 194.247.41.52 dev adsl

(`adsl' is the name of the network interface that the ADSL stuff is on;
you can rename them with `ip link set {interface} name {new-name}'.
194.247.41.52 is my ISP-assigned IP address.)
I mostly set these via dhclient, but the underlying commands dhclient's
control script executes are

    ip link set adsl up multicast on txqueuelen 10 mtu 1458
    ip addr add 194.247.41.52/24 broadcast 255.255.255.255 dev adsl
    ip route add default via 194.247.41.52 dev adsl

(dhclient doesn't come with a script that uses ip(8): I hacked the
supplied script to use ip(8) instead of the limited, incoherent, and
obsolescent ifconfig and route commands. The resulting script is
slightly ugly: I ignore the netmask and force in the one that I know to
be correct, because dhclient specifies it in 255.0.0.0-style form, and
ip(8) wants it in CIDR-style /8 form, and I couldn't be bothered to
write a converter in dc or something :) )
A limited example of ip(8)'s power: the administrative interface for my
router is on 192.168.14.160: you might think this is hard to arrange, as
my internal subnet (on the other interface) is also on
192.168.14/24. But it's easy enough to arrange for packets to go the
right way, and for all packets sent from the firewall to the
administrative interface to come from a different IP address to packets
aimed out of the network link, to make it easy for the firewall to know
not to NAT them. On the firewall:

    ip addr add 192.168.14.159 dev adsl
    ip route add 192.168.14.160 proto static src 192.168.14.159 dev adsl

(it's the `src 192.168.14.159' that does the magic)
On every other box I just add a route for 192.168.14.160 pointing to
the firewall.
I recommend http://lartc.org/ for endless mindboggling routing and
traffic control tricks.
--
`Me, I want exploding spaceships and pulverized worlds and clashes of
billion-year-old empires *and* competently written sentences.'
--- Matt Austern
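
Added example, not part of the original post: the dotted-quad to CIDR conversion the message mentions skipping, as a POSIX sh function of the kind a dhclient control script could call. mask_to_prefix is a hypothetical helper name; new_ip_address and new_subnet_mask are the variables dhclient exports to its script, filled here with sample values. Anything that is not a contiguous mask is rejected, since the value comes from the DHCP server and ends up on a root command line.

```sh
#!/bin/sh
# Added example (not from the original post): turn the dotted-quad netmask
# dhclient hands its script into the prefix length ip(8) wants.
# mask_to_prefix is a hypothetical helper name.

mask_to_prefix() {
    mask=$1
    # Digits and dots only, no trailing dot: the value comes off the wire
    # and is about to be split unquoted and used on a root command line.
    case $mask in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $mask
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1

    prefix=0
    host_bits_seen=0
    for octet in "$@"; do
        # Only these nine values are a run of 1 bits followed by 0 bits.
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;;
            248) bits=5 ;; 240) bits=4 ;; 224) bits=3 ;;
            192) bits=2 ;; 128) bits=1 ;; 0)   bits=0 ;;
            *) return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$host_bits_seen" -eq 1 ] && [ "$bits" -ne 0 ]; then
            return 1
        fi
        [ "$bits" -eq 8 ] || host_bits_seen=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Sample values standing in for what dhclient exports to its script.
new_ip_address=194.247.41.52
new_subnet_mask=255.255.255.0

if plen=$(mask_to_prefix "$new_subnet_mask"); then
    # echo rather than run, so the example needs no root and no interface
    echo ip addr add "$new_ip_address/$plen" broadcast 255.255.255.255 dev adsl
else
    echo "refusing malformed netmask: $new_subnet_mask" >&2
fi
```

The function uses global shell variables (POSIX sh has no `local`), so inside a larger script the names mask, prefix, bits, octet and host_bits_seen should not collide with existing ones.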